I was going through our mail log files since it seemed that mail was slowing down as of late due to lots of MyDoom stuff.
I did a Mail Log File Analysis/ Sender UID, and came up with the following:
mess   bytes      sbytes     rbytes     recips  tries  xdelay         uid
2      3384       3384       3384       2       2      0.044649       0
6862   99774675   99774675   99774675   6862    6862   521.739998     101
26256  451113373  313697711  451119838  26259   26259  67865.121550   400
11136  238809335  257685598  259649684  12910   12915  2163.614738    401
14387  219913744  146441297  219913744  14387   16438  662901.648382  406
(Sorry if this table is screwed up - couldn't figure out how to format it)
What is relevant is that there are 6800+ messages from uid 101, 26,000+ messages from uid 400, 11,000+ messages from uid 401 and 14,000+ messages from uid 406. It seems that "real" users have mail tagged with both the 400 and 401 UIDs; UID 406 only shows "<#@[]>" and "<>" as the sender.
What do these UIDs attach to, and how concerned should I be that this much e-mail is going out? I only have about 20 users and we CAN'T be sending this much mail!
Thanks,
Neil